connect

Fail

Audited by Snyk on Feb 28, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). This skill asks users to paste Clerk publishable and secret keys and then instructs embedding those keys verbatim into CLI arguments, generated .env/.connect files and commands, which requires the LLM to handle and output secret values directly (high exfiltration risk).

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). clerk.com is a known, legitimate identity provider (low risk). The generated Studio host, however, sits under the unknown exe.xyz domain: the "exe" label and the .xyz TLD are commonly used for disposable or typosquat sites and can host arbitrary executables or services. It is potentially suspicious and should be verified before trusting downloads or running deployed code.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The deploy flow SSHs to exe.dev and explicitly clones and runs the "selem/docker-for-all" repository on the Studio VM, so remote code from that git repo is fetched and executed at runtime (selem/docker-for-all on the Studio at .exe.xyz).

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs deploying to a VM and creating system-level files under /opt, generating service configs, and running (or troubleshooting with) sudo docker compose on the target host, which modifies system state and requires elevated privileges on that machine.

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Feb 28, 2026, 02:46 PM